ipa-4.12.2-13
- Resolves: RHEL-67912 Add DNS over TLS Support, require bind 32:9.18.33-2 and bind-dyndb-ldap 11.11-1 Signed-off-by: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
Thomas Woerner
parent
5a34f265f7
commit
837c02b504
1447
0065-Add-DNS-over-TLS-support.patch
Normal file
1447
0065-Add-DNS-over-TLS-support.patch
Normal file
File diff suppressed because it is too large
Load Diff
37
freeipa.spec
37
freeipa.spec
@ -85,7 +85,7 @@
|
||||
|
||||
# Fix for TLS 1.3 PHA, RHBZ#1775158
|
||||
%global httpd_version 2.4.37-21
|
||||
%global bind_version 9.11.20-6
|
||||
%global bind_version 32:9.18.33-2
|
||||
|
||||
# support for passkey
|
||||
%global sssd_version 2.10.0
|
||||
@ -207,7 +207,7 @@
|
||||
|
||||
Name: %{package_name}
|
||||
Version: %{IPA_VERSION}
|
||||
Release: 12%{?rc_version:.%rc_version}%{?dist}
|
||||
Release: 13%{?rc_version:.%rc_version}%{?dist}
|
||||
Summary: The Identity, Policy and Audit system
|
||||
|
||||
License: GPL-3.0-or-later
|
||||
@ -302,6 +302,7 @@ Patch0061: 0061-ipatests-restart-dirsrv-after-time-jumps.patch
|
||||
Patch0062: 0062-ipa-otpd-do-not-pass-OIDC-client-secret-if-there-is-.patch
|
||||
Patch0063: 0063-Migrate-Keycloak-tests-to-JDK-21-and-Keycloak-26.patch
|
||||
Patch0064: 0064-Apply-certmonger_timeout-to-start_tracking-and-reque.patch
|
||||
Patch0065: 0065-Add-DNS-over-TLS-support.patch
|
||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||
%endif
|
||||
%endif
|
||||
@ -655,7 +656,7 @@ If you are installing an IPA server, you need to install this package.
|
||||
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
|
||||
BuildArch: noarch
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: bind-dyndb-ldap >= 11.2-2
|
||||
Requires: bind-dyndb-ldap >= 11.11-1
|
||||
Requires: bind >= %{bind_version}
|
||||
Requires: bind-utils >= %{bind_version}
|
||||
# bind-dnssec-utils is required by the OpenDNSSec integration
|
||||
@ -666,6 +667,7 @@ Requires: %{openssl_pkcs11_name} >= %{openssl_pkcs11_version}
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=1825812
|
||||
# RHEL 8.3+ and Fedora 32+ have 2.1
|
||||
Requires: opendnssec >= 2.1.6-5
|
||||
Recommends: %{name}-server-encrypted-dns
|
||||
%{?systemd_requires}
|
||||
|
||||
Provides: %{alt_name}-server-dns = %{version}
|
||||
@ -680,6 +682,15 @@ IPA integrated DNS server with support for automatic DNSSEC signing.
|
||||
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
|
||||
|
||||
|
||||
%package server-encrypted-dns
|
||||
Summary: support for encrypted DNS in IPA integrated DNS server
|
||||
Requires: %{name}-client-encrypted-dns
|
||||
|
||||
%description server-encrypted-dns
|
||||
Provides support for enabling DNS over TLS in the IPA integrated DNS
|
||||
server.
|
||||
|
||||
|
||||
%package server-trust-ad
|
||||
Summary: Virtual package to install packages required for Active Directory trusts
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
@ -760,6 +771,7 @@ Requires: libnfsidmap
|
||||
Requires: (nfs-utils or nfsv4-client-utils)
|
||||
Requires: sssd-tools >= %{sssd_version}
|
||||
Requires(post): policycoreutils
|
||||
Recommends: %{name}-client-encrypted-dns
|
||||
|
||||
# https://pagure.io/freeipa/issue/8530
|
||||
Recommends: libsss_sudo
|
||||
@ -801,6 +813,14 @@ If your network uses IPA for authentication, this package should be
|
||||
installed on every client machine.
|
||||
This package provides command-line tools for IPA administrators.
|
||||
|
||||
%package client-encrypted-dns
|
||||
Summary: Enable encrypted DNS support for clients
|
||||
Requires: unbound
|
||||
|
||||
%description client-encrypted-dns
|
||||
This package enables support for installing clients with encrypted DNS
|
||||
via DNS over TLS.
|
||||
|
||||
%package client-samba
|
||||
Summary: Tools to configure Samba on IPA client
|
||||
Group: System Environment/Base
|
||||
@ -1751,6 +1771,10 @@ fi
|
||||
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket
|
||||
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service
|
||||
|
||||
%files server-encrypted-dns
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
|
||||
%files server-trust-ad
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
@ -1810,6 +1834,10 @@ fi
|
||||
%attr(600,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn.conf
|
||||
%attr(644,root,root) %config(noreplace) %{_sysconfdir}/ipa/epn/expire_msg.template
|
||||
|
||||
%files client-encrypted-dns
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
|
||||
%files -n python3-ipaclient
|
||||
%doc README.md Contributors.txt
|
||||
%license COPYING
|
||||
@ -1920,6 +1948,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-13
|
||||
- Resolves: RHEL-67912 Add DNS over TLS Support, Require bind 32:9.18.33-2 and new bind-dyndb-ldap 11.11-1
|
||||
|
||||
* Tue Jan 28 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-12
|
||||
- Resolves: RHEL-72580 A slow HSM can cause IPA server installation to fail setting up certificate tracking
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user